In the Fiscal Year 2005 Consolidated Appropriations Act, Congress required agencies to enhance the protection of personally identifiable information (PII) that they collect and use. The act also requires inspectors general to periodically conduct reviews of their agencies’ implementation of the requirements.
Accordingly, we are initiating an audit of the Department of Transportation’s (DOT) information management practices for protection of PII. The audit objectives are to determine whether (1) DOT has established adequate procedures for the collection, use, and security of PII; (2) DOT ensures compliance with its own privacy and data protection policies and applicable laws and regulations to prevent unauthorized access to or unintended use of PII; and (3) DOT’s Operating Administrations properly evaluate the necessity of using PII to process system data. We have contracted with KPMG LLP, an independent public accounting firm, to conduct this review, subject to our oversight.